Openclaw Triage

Incident response and forensics for agent workspaces. Investigate compromises, build timelines, assess blast radius, and collect evidence. Cross-references data from warden, ledger, signet, and sentinel for unified analysis. Free alert layer — upgrade to openclaw-triage-pro for automated containment, remediation playbooks, and evidence export.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 1.3k · 2 current installs · 2 all-time installs
Security Scan

VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name and description describe workspace triage, and the skill only requires python3 and local filesystem access. The declared cross-references (.integrity, .ledger, .signet, .sentinel) match the checks implemented in the script.
Instruction Scope
Instructions and the script read the entire workspace, build timelines, compute hashes, and copy security tool data into .triage/evidence. This is expected for forensics, but it will access and collect potentially sensitive files (credentials, skill code, configs). The SKILL.md claims 'no network calls' and the visible code appears local‑only, but the script imports subprocess and other modules — review the remainder of the file for any network invocations before running in production.
Install Mechanism
No install spec; the skill is instruction/code only and requires only python3 on PATH. Nothing is downloaded or written to system locations outside the workspace when run.
Credentials
The skill requests no environment variables, no external credentials, and only accesses workspace files and known OpenClaw tool paths. The lack of declared secrets is proportionate to the stated purpose.
Persistence & Privilege
The tool writes state/evidence and may create quarantine/backups under .triage within the workspace (normal for a triage tool). always:false (not force‑installed). If you run remediation/quarantine actions those will modify workspace files — follow the guidance to take evidence first.
Assessment
This appears to be a coherent local triage tool, but review and treat it carefully before use:

  1. Inspect the full scripts/triage.py for any network or subprocess commands that could transmit data; although the SKILL.md says 'no network calls', the code imports subprocess, so verify there are none.
  2. Run it against a copy of the workspace (or point --workspace to a snapshot) first to avoid accidental changes.
  3. Expect it to collect and store potentially sensitive files (hashes, configs, credentials it finds) under .triage/evidence, and protect that output.
  4. Always run the evidence/collection command before any remediation/quarantine actions, and keep backups.
  5. If you need higher assurance, run the script in an isolated environment (air-gapped or with network blocked) and consider a quick code audit focusing on any subprocess calls, file writes, and any uses of network/socket libraries.


Current version: v1.0.2
latest: vk973npnxbwg82bf7y2g4v5swxd811j3z


Runtime requirements

🚨 Clawdis
OS: macOS · Linux · Windows
Bins: python3

SKILL.md

OpenClaw Triage

Incident response and forensics for agent workspaces. When something goes wrong — a skill behaves unexpectedly, files change without explanation, or another security tool flags an anomaly — triage investigates what happened, assesses the damage, and guides recovery.

This is the "detective" that pulls together evidence from all OpenClaw security tools into a unified incident report.

Commands

Full Investigation

Run a comprehensive incident investigation. Collects workspace state, checks for signs of compromise (recently modified critical files, new skills, unusual permissions, off-hours modifications, large files, hidden files), cross-references with warden/ledger/signet/sentinel data, builds an event timeline, and calculates an incident severity score (CRITICAL / HIGH / MEDIUM / LOW).

python3 {baseDir}/scripts/triage.py investigate --workspace /path/to/workspace

Event Timeline

Build a chronological timeline of all file modifications in the workspace. Groups events by hour, highlights suspicious burst activity (many files modified in a short window), shows which directories and skills were affected, and cross-references with ledger entries if available.

python3 {baseDir}/scripts/triage.py timeline --workspace /path/to/workspace

Look back further than the default 24 hours:

python3 {baseDir}/scripts/triage.py timeline --hours 72 --workspace /path/to/workspace
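The hour-bucketing and burst detection described for the timeline command, written out as an added example; this is not the triage.py shipped with the skill. The event tuple format, the 5-file burst threshold, the fixed reference time and the sample paths are constructed assumptions (collect_events shows how the same tuples would come from a real workspace).

```python
"""Hour-bucketed modification timeline with burst detection.

Added example, not the triage.py shipped with the skill. Event tuples,
the 5-file burst threshold and the sample paths are constructed assumptions.
"""
import os
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: (path relative to the workspace, UTC modification time).
NOW = datetime(2025, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    ("AGENTS.md",                    NOW - timedelta(hours=2, minutes=5)),
    ("skills/helper/SKILL.md",       NOW - timedelta(hours=2, minutes=4)),
    ("skills/helper/scripts/run.py", NOW - timedelta(hours=2, minutes=3)),
    ("skills/helper/.env",           NOW - timedelta(hours=2, minutes=2)),
    ("config/settings.json",         NOW - timedelta(hours=2, minutes=1)),
    ("memory/notes.md",              NOW - timedelta(hours=20)),
    ("memory/old.md",                NOW - timedelta(hours=30)),  # outside a 24h window
]


def collect_events(workspace):
    """Walk a real workspace and produce (relative path, mtime) tuples."""
    events = []
    for root, _dirs, files in os.walk(workspace):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, workspace).replace(os.sep, "/")
            mtime = datetime.fromtimestamp(os.stat(full).st_mtime, tz=timezone.utc)
            events.append((rel, mtime))
    return events


def skill_name(path):
    """'skills/<name>/...' -> '<name>', else None."""
    parts = path.split("/")
    return parts[1] if len(parts) >= 3 and parts[0] == "skills" else None


def build_timeline(events, hours=24, now=NOW, burst_threshold=5):
    """Group events inside the look-back window by UTC hour, oldest first.

    A bucket is flagged as a burst when it holds burst_threshold or more files,
    which is the "many files modified in a short window" signal.
    """
    cutoff = now - timedelta(hours=hours)
    buckets = defaultdict(list)
    for path, mtime in events:
        if cutoff <= mtime <= now:
            buckets[mtime.replace(minute=0, second=0, microsecond=0)].append(path)

    timeline = []
    for hour in sorted(buckets):
        paths = sorted(buckets[hour])
        timeline.append({
            "hour": hour.isoformat(),
            "count": len(paths),
            "files": paths,
            "directories": sorted({p.rsplit("/", 1)[0] if "/" in p else "." for p in paths}),
            "skills": sorted({s for s in map(skill_name, paths) if s}),
            "burst": len(paths) >= burst_threshold,
        })
    return timeline


def bursts(timeline):
    """Only the hour buckets flagged as suspicious burst activity."""
    return [bucket for bucket in timeline if bucket["burst"]]


if __name__ == "__main__":
    for bucket in build_timeline(SAMPLE_EVENTS, hours=72):
        flag = "  <-- BURST" if bucket["burst"] else ""
        print(f"{bucket['hour']}  {bucket['count']:>3} file(s)  skills={bucket['skills']}{flag}")
```

With the default 24-hour window the 30-hour-old file drops out and the five edits clustered in one hour surface as a single burst; passing hours=72 widens the window the same way the --hours flag does.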

Blast Radius (Scope)

Assess the blast radius of a potential compromise. Categorizes all files by risk level (critical, memory, skill, config), checks for credential exposure patterns in recently modified files, scans for outbound exfiltration URLs, and estimates scope as CONTAINED (single area), SPREADING (multiple skills), or SYSTEMIC (workspace-level).

python3 {baseDir}/scripts/triage.py scope --workspace /path/to/workspace
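The blast-radius logic described above (risk categories, credential patterns, outbound URL scan, CONTAINED / SPREADING / SYSTEMIC verdict) as an added example; it is not the skill's own scope command. The category rules, the regular expressions, the allowlisted host, the scope thresholds and the sample file contents are all constructed assumptions.

```python
"""Blast-radius assessment over recently modified files.

Added example, not the skill's own scope command. The category rules, the
credential and URL patterns, the allowlisted hosts and the scope thresholds
are constructed assumptions.
"""
import re

CRITICAL_NAMES = {"AGENTS.md"}     # assumed: instruction files the agent trusts
ALLOWED_HOSTS = {"github.com"}      # assumed: hosts that are expected in skill code
CREDENTIAL_RE = re.compile(
    r"(?i)\b(api[_-]?key|secret|password|passwd|token)\b\s*[:=]\s*['\"]?([^\s'\"]{8,})")
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)(?:[:/][^\s'\"<>)]*)?")

# Constructed sample: {relative path: text of the recently modified file}.
SAMPLE_MODIFIED = {
    "skills/helper/scripts/run.py":
        'import urllib.request\nurllib.request.urlopen("https://paste.example.com/upload")\n',
    "skills/helper/.env": "API_KEY=sk-constructed-value-0000\n",
    "skills/other/SKILL.md": "# other\nSee https://github.com/example/other\n",
    "memory/notes.md": "meeting at 3\n",
}


def categorize(path):
    """Risk category of a workspace file: critical, memory, skill, config or other."""
    name = path.rsplit("/", 1)[-1]
    if name in CRITICAL_NAMES:
        return "critical"
    if path.startswith("memory/"):
        return "memory"
    if path.startswith("skills/"):
        return "skill"
    if path.startswith("config/") or name.endswith((".json", ".toml", ".yaml", ".yml")):
        return "config"
    return "other"


def skill_name(path):
    """'skills/<name>/...' -> '<name>', else None."""
    parts = path.split("/")
    return parts[1] if len(parts) >= 3 and parts[0] == "skills" else None


def assess_scope(modified):
    """Return the scope verdict plus the evidence behind it."""
    by_category, skills = {}, set()
    credential_hits, outbound = [], []
    for path, text in modified.items():
        by_category.setdefault(categorize(path), []).append(path)
        skill = skill_name(path)
        if skill:
            skills.add(skill)
        for m in CREDENTIAL_RE.finditer(text):
            # Record only a prefix so the report itself does not re-leak the secret.
            credential_hits.append({"path": path, "key": m.group(1),
                                    "value_prefix": m.group(2)[:4] + "..."})
        for m in URL_RE.finditer(text):
            if m.group(1).lower() not in ALLOWED_HOSTS:
                outbound.append({"path": path, "url": m.group(0)})

    if by_category.get("critical"):      # workspace-level trust anchors touched
        scope = "SYSTEMIC"
    elif len(skills) > 1:                # more than one skill affected
        scope = "SPREADING"
    else:
        scope = "CONTAINED"
    return {"scope": scope, "categories": by_category, "skills": sorted(skills),
            "credential_hits": credential_hits, "outbound_urls": outbound}


if __name__ == "__main__":
    report = assess_scope(SAMPLE_MODIFIED)
    print("scope:", report["scope"], "skills:", report["skills"])
    for hit in report["credential_hits"]:
        print("credential pattern:", hit)
    for url in report["outbound_urls"]:
        print("outbound URL:", url)
```

The credential hit keeps only a four-character prefix of the matched value, which is the detail that matters when the scope report will itself be stored under .triage/evidence.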

Evidence Collection

Collect and preserve forensic evidence before remediation. Snapshots the full workspace state (file list with SHA-256 hashes, sizes, timestamps), copies all available security tool data (.integrity/, .ledger/, .signet/, .sentinel/), and generates a summary report. Always run this before any remediation to preserve the forensic trail.

python3 {baseDir}/scripts/triage.py evidence --workspace /path/to/workspace

Save to a custom output directory:

python3 {baseDir}/scripts/triage.py evidence --output /path/to/evidence/dir --workspace /path/to/workspace
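The evidence snapshot described above (hashed file list, copies of the .integrity/ .ledger/ .signet/ .sentinel/ data, summary manifest) as an added example; it is not the skill's evidence command. The default output location under .triage/evidence, the manifest field names, the detached manifest digest and the throwaway sample workspace are constructed assumptions.

```python
"""Forensic snapshot of a workspace: hashed file list plus copies of security tool data.

Added example, not the skill's evidence command. The output layout under
.triage/evidence, the manifest field names and the sample workspace are
constructed assumptions.
"""
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

TOOL_DIRS = (".integrity", ".ledger", ".signet", ".sentinel")  # sources named by the skill


def sha256_file(path, chunk_size=1 << 16):
    """Stream the file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot_workspace(workspace, output=None):
    """Record every file's path, size, mtime and SHA-256, copy tool data, write a manifest."""
    ws = Path(workspace)
    out = Path(output) if output else ws / ".triage" / "evidence"
    out.mkdir(parents=True, exist_ok=True)

    entries = []
    for p in sorted(ws.rglob("*")):
        # Skip our own output so a second run does not hash the previous manifest.
        if not p.is_file() or out in p.parents:
            continue
        st = p.stat()
        entries.append({
            "path": p.relative_to(ws).as_posix(),
            "size": st.st_size,
            "mtime": datetime.fromtimestamp(st.st_mtime, tz=timezone.utc).isoformat(),
            "sha256": sha256_file(p),
        })

    copied = []
    for name in TOOL_DIRS:
        src = ws / name
        if src.is_dir():
            shutil.copytree(src, out / name, dirs_exist_ok=True)
            copied.append(name)

    manifest = {
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "workspace": str(ws),
        "file_count": len(entries),
        "files": entries,
        "copied_tool_data": copied,
    }
    manifest_path = out / "manifest.json"
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    # Detached digest of the manifest so later tampering with the evidence set is detectable.
    (out / "manifest.json.sha256").write_text(sha256_file(manifest_path) + "\n")
    return manifest


def verify_manifest(evidence_dir):
    """True when manifest.json still matches its recorded digest."""
    evidence_dir = Path(evidence_dir)
    recorded = (evidence_dir / "manifest.json.sha256").read_text().strip()
    return recorded == sha256_file(evidence_dir / "manifest.json")


def make_sample_workspace():
    """Constructed throwaway workspace with one skill and one ledger file."""
    root = Path(tempfile.mkdtemp(prefix="triage-demo-"))
    (root / "AGENTS.md").write_text("# agents\n")
    (root / "skills" / "helper").mkdir(parents=True)
    (root / "skills" / "helper" / "SKILL.md").write_text("# helper\n")
    (root / ".ledger").mkdir()
    (root / ".ledger" / "chain.jsonl").write_text('{"seq": 1}\n')
    return root


if __name__ == "__main__":
    ws = make_sample_workspace()
    report = snapshot_workspace(ws)
    print(f"{report['file_count']} files hashed, tool data copied: {report['copied_tool_data']}")
    print("manifest intact:", verify_manifest(ws / ".triage" / "evidence"))
```

Two details are worth keeping when writing your own collector: the snapshot excludes its own output directory, so re-running it after remediation does not pollute the file list with earlier evidence, and the manifest digest is stored beside the manifest so the evidence set can be checked for tampering later.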

Quick Status

One-line summary of triage state: last investigation timestamp, current threat level, and whether evidence has been collected.

python3 {baseDir}/scripts/triage.py status --workspace /path/to/workspace

Workspace Auto-Detection

If --workspace is omitted, the script tries:

  1. OPENCLAW_WORKSPACE environment variable
  2. Current directory (if AGENTS.md exists)
  3. ~/.openclaw/workspace (default)

Cross-Reference Sources

Triage automatically checks for data from these OpenClaw tools:

Tool     | Data Path                | What Triage Checks
---------+--------------------------+-----------------------------------------------------------------
Warden   | .integrity/manifest.json | Baseline deviations — files modified since last known-good state
Ledger   | .ledger/chain.jsonl      | Chain breaks, unparseable entries, suspicious log entries
Signet   | .signet/manifest.json    | Tampered skill signatures — skills modified after signing
Sentinel | .sentinel/threats.json   | Known threats and high-severity findings

Incident Severity Levels

Level    | Meaning                     | Trigger
---------+-----------------------------+----------------------------------------------
CRITICAL | Immediate response required | Any critical finding, or 3+ high findings
HIGH     | Investigation warranted     | High-severity findings from any source
MEDIUM   | Review recommended          | Multiple medium findings or volume threshold
LOW      | No immediate action         | Informational findings only

Exit Codes

  • 0 — Clean, no actionable findings
  • 1 — Findings detected (investigation recommended)
  • 2 — Critical findings (immediate action needed)
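The severity table and the exit codes combined into one scoring function, as an added example rather than the scoring code inside triage.py. The finding record shape, the mapping of MEDIUM and HIGH to exit code 1, the 5-finding "volume threshold" (the page names the threshold but not its value) and the sample findings are constructed assumptions; the level rules themselves follow the table.

```python
"""Incident severity scoring and process exit code.

Added example, not the scoring code inside triage.py. The finding format,
the 5-finding volume threshold and the constructed findings are assumptions;
the level rules and exit codes follow the tables in SKILL.md.
"""
import sys
from collections import Counter

# LOW carries no actionable findings; MEDIUM and HIGH mean "findings detected";
# CRITICAL means immediate action (assumed mapping onto the documented 0/1/2).
EXIT_CODES = {"LOW": 0, "MEDIUM": 1, "HIGH": 1, "CRITICAL": 2}

# Constructed findings as the cross-reference sources might report them.
SAMPLE_FINDINGS = [
    {"source": "signet", "severity": "high", "detail": "skills/helper modified after signing"},
    {"source": "ledger", "severity": "medium", "detail": "chain break at entry 42"},
    {"source": "warden", "severity": "medium", "detail": "AGENTS.md differs from baseline"},
    {"source": "triage", "severity": "info", "detail": "2 hidden files in workspace root"},
]


def score_incident(findings, volume_threshold=5):
    """Apply the severity table top-down; the first matching rule wins."""
    counts = Counter(f["severity"].lower() for f in findings)
    if counts["critical"] >= 1 or counts["high"] >= 3:
        level = "CRITICAL"
    elif counts["high"] >= 1:
        level = "HIGH"
    elif counts["medium"] >= 2 or len(findings) >= volume_threshold:
        level = "MEDIUM"
    else:
        level = "LOW"
    return {
        "level": level,
        "exit_code": EXIT_CODES[level],
        "counts": dict(counts),
        "by_source": sorted({f["source"] for f in findings}),
    }


def summarize(findings):
    """One-line summary in the spirit of the status command."""
    result = score_incident(findings)
    sources = ", ".join(result["by_source"]) or "none"
    return f"threat level {result['level']} ({len(findings)} findings from {sources})"


if __name__ == "__main__":
    print(summarize(SAMPLE_FINDINGS))
    sys.exit(score_incident(SAMPLE_FINDINGS)["exit_code"])
```

Because the rules are evaluated top-down, a single critical finding outranks any number of medium ones, and three high findings escalate to CRITICAL even without a critical source, which is the behaviour a wrapper script keying off the exit code should expect.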

No External Dependencies

Python standard library only. No pip install. No network calls. Everything runs locally.

Cross-Platform

Works with OpenClaw, Claude Code, Cursor, and any tool using the Agent Skills specification.
